From Adobe ColdFusion 11 Security Technical Implementation Guide
Part of SRG-APP-000001-AS-000001
Associated with: CCI-000054
The ColdFusion Administrator Console is used to manage the ColdFusion application server. The console allows a user to configure settings used by hosted applications, maintain connections to external resources, review logs, etc. Disallowing concurrent logons gives a user a way to determine whether his account has been compromised (the user will be unable to log into the Administrator Console) and deters a user from leaving idle sessions open on different workstations, which an attacker could also use.
Within the Administrator Console, navigate to the "Administrator" settings under the "Security" menu. If the setting "Allow concurrent login sessions for Administrator Console" is checked, this is a finding.
Within the Administrator Console, navigate to the "Administrator" settings under the "Security" menu. To disable concurrent logins, uncheck the "Allow concurrent login sessions for Administrator Console" setting and select the "Submit Changes" button.